Popular remote access software developer TeamViewer has added two new security features to its product as speculation continues around a compromise, with users reporting unauthorised access attempts on their systems.
TeamViewer users worldwide, including in Australia, have taken to social media and forums to share details of unknown attackers accessing their systems remotely, and in some cases, emptying bank accounts and conducting transactions on PayPal and other sites.
In response to the persistent user reports, TeamViewer denied last month that it had suffered a security compromise.
Instead, the company said the unauthorised access attempts were most likely due to reused passwords from one or more recent large data breaches such as LinkedIn, which saw hundreds of millions of user credentials leaked.
Despite denying an attack, the company has now added two new authentication features to protect against unauthorised access.
The first, Trusted Devices, will ask users to approve new devices when users sign into them via TeamViewer for the first time. An in-app notification will ask users to confirm the device in question through a link sent to their registered email addresses.
TeamViewer will also debut a behavioural detection system: if activity that suggests a compromise has taken place, such as logins from unusual locations, TeamViewer will issue a forced password reset for the user account in question.
The remote access software vendor also suggested users activate two-factor authentication with challenge and response codes, and ensure that their passwords are strong and complex and not reused elsewhere.
